CVE-2025-14874
published 2025-12-18CVE-2025-14874: A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the…
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
A flaw was found in Nodemailer. This vulnerability allows a denial of service (DoS) via a crafted email address header that triggers infinite recursion in the address parser.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | node-nodemailer | < node-nodemailer 7.0.12+~7.0.5-1 (forky) | node-nodemailer 7.0.12+~7.0.5-1 (forky) |
| nodemailer | nodemailer | < 7.0.11 | 7.0.11 |
| nodemailer | nodemailer | >= 0 < 7.0.11 | 7.0.11 |
| redhat | advanced_cluster_management_for_kubernetes | — | — |
| redhat | ceph_storage | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH